xref: /netbsd-src/sys/secmodel/suser/secmodel_suser.c (revision bdc22b2e01993381dcefeff2bc9b56ca75a4235c) 
1 /* $NetBSD: secmodel_suser.c,v 1.46 2018/07/15 05:16:45 maxv Exp $ */
2 /*-
3  * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in the
13  *    documentation and/or other materials provided with the distribution.
14  * 3. The name of the author may not be used to endorse or promote products
15  *    derived from this software without specific prior written permission.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
18  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
19  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
20  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
21  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
22  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27  */
28 
29 /*
30  * This file contains kauth(9) listeners needed to implement the traditional
31  * NetBSD superuser access restrictions.
32  *
33  * There are two main resources a request can be issued to: user-owned and
34  * system owned. For the first, traditional Unix access checks are done, as
35  * well as superuser checks. If needed, the request context is examined before
36  * a decision is made. For the latter, usually only superuser checks are done
37  * as normal users are not allowed to access system resources.
38  */
39 
40 #include <sys/cdefs.h>
41 __KERNEL_RCSID(0, "$NetBSD: secmodel_suser.c,v 1.46 2018/07/15 05:16:45 maxv Exp $");
42 
43 #include <sys/types.h>
44 #include <sys/param.h>
45 #include <sys/kauth.h>
46 
47 #include <sys/mutex.h>
48 #include <sys/mount.h>
49 #include <sys/socketvar.h>
50 #include <sys/sysctl.h>
51 #include <sys/vnode.h>
52 #include <sys/proc.h>
53 #include <sys/module.h>
54 
55 #include <secmodel/secmodel.h>
56 #include <secmodel/suser/suser.h>
57 
58 MODULE(MODULE_CLASS_SECMODEL, suser, NULL);
59 
60 static kauth_listener_t l_generic, l_system, l_process, l_network, l_machdep,
61     l_device, l_vnode;
62 
63 static secmodel_t suser_sm;
64 static struct sysctllog *suser_sysctl_log;
65 
66 void
67 sysctl_security_suser_setup(struct sysctllog **clog)
68 {
69 	const struct sysctlnode *rnode;
70 
71 	sysctl_createv(clog, 0, NULL, &rnode,
72 		       CTLFLAG_PERMANENT,
73 		       CTLTYPE_NODE, "models", NULL,
74 		       NULL, 0, NULL, 0,
75 		       CTL_SECURITY, CTL_CREATE, CTL_EOL);
76 
77 	sysctl_createv(clog, 0, &rnode, &rnode,
78 		       CTLFLAG_PERMANENT,
79 		       CTLTYPE_NODE, "suser", NULL,
80 		       NULL, 0, NULL, 0,
81 		       CTL_CREATE, CTL_EOL);
82 
83 	sysctl_createv(clog, 0, &rnode, NULL,
84 		       CTLFLAG_PERMANENT,
85 		       CTLTYPE_STRING, "name", NULL,
86 		       NULL, 0, __UNCONST(SECMODEL_SUSER_NAME), 0,
87 		       CTL_CREATE, CTL_EOL);
88 }
89 
90 void
91 secmodel_suser_init(void)
92 {
93 
94 }
95 
96 void
97 secmodel_suser_start(void)
98 {
99 	l_generic = kauth_listen_scope(KAUTH_SCOPE_GENERIC,
100 	    secmodel_suser_generic_cb, NULL);
101 	l_system = kauth_listen_scope(KAUTH_SCOPE_SYSTEM,
102 	    secmodel_suser_system_cb, NULL);
103 	l_process = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
104 	    secmodel_suser_process_cb, NULL);
105 	l_network = kauth_listen_scope(KAUTH_SCOPE_NETWORK,
106 	    secmodel_suser_network_cb, NULL);
107 	l_machdep = kauth_listen_scope(KAUTH_SCOPE_MACHDEP,
108 	    secmodel_suser_machdep_cb, NULL);
109 	l_device = kauth_listen_scope(KAUTH_SCOPE_DEVICE,
110 	    secmodel_suser_device_cb, NULL);
111 	l_vnode = kauth_listen_scope(KAUTH_SCOPE_VNODE,
112 	    secmodel_suser_vnode_cb, NULL);
113 }
114 
115 void
116 secmodel_suser_stop(void)
117 {
118 	kauth_unlisten_scope(l_generic);
119 	kauth_unlisten_scope(l_system);
120 	kauth_unlisten_scope(l_process);
121 	kauth_unlisten_scope(l_network);
122 	kauth_unlisten_scope(l_machdep);
123 	kauth_unlisten_scope(l_device);
124 	kauth_unlisten_scope(l_vnode);
125 }
126 
127 static bool
128 suser_isroot(kauth_cred_t cred)
129 {
130 	return kauth_cred_geteuid(cred) == 0;
131 }
132 
133 static int
134 suser_eval(const char *what, void *arg, void *ret)
135 {
136 	int error = 0;
137 
138 	if (strcasecmp(what, "is-root") == 0) {
139 		kauth_cred_t cred = arg;
140 		bool *bp = ret;
141 
142 		*bp = suser_isroot(cred);
143 	} else {
144 		error = ENOENT;
145 	}
146 
147 	return error;
148 }
149 
150 static int
151 suser_modcmd(modcmd_t cmd, void *arg)
152 {
153 	int error = 0;
154 
155 	switch (cmd) {
156 	case MODULE_CMD_INIT:
157 		error = secmodel_register(&suser_sm,
158 		    SECMODEL_SUSER_ID, SECMODEL_SUSER_NAME,
159 		    NULL, suser_eval, NULL);
160 		if (error != 0)
161 			printf("suser_modcmd::init: secmodel_register "
162 			    "returned %d\n", error);
163 
164 		secmodel_suser_init();
165 		secmodel_suser_start();
166 		sysctl_security_suser_setup(&suser_sysctl_log);
167 		break;
168 
169 	case MODULE_CMD_FINI:
170 		sysctl_teardown(&suser_sysctl_log);
171 		secmodel_suser_stop();
172 
173 		error = secmodel_deregister(suser_sm);
174 		if (error != 0)
175 			printf("suser_modcmd::fini: secmodel_deregister "
176 			    "returned %d\n", error);
177 
178 		break;
179 
180 	case MODULE_CMD_AUTOUNLOAD:
181 		error = EPERM;
182 		break;
183 
184 	default:
185 		error = ENOTTY;
186 		break;
187 	}
188 
189 	return (error);
190 }
191 
192 /*
193  * kauth(9) listener
194  *
195  * Security model: Traditional NetBSD
196  * Scope: Generic
197  * Responsibility: Superuser access
198  */
199 int
200 secmodel_suser_generic_cb(kauth_cred_t cred, kauth_action_t action,
201     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
202 {
203 	bool isroot;
204 	int result;
205 
206 	isroot = suser_isroot(cred);
207 	result = KAUTH_RESULT_DEFER;
208 
209 	switch (action) {
210 	case KAUTH_GENERIC_ISSUSER:
211 		if (isroot)
212 			result = KAUTH_RESULT_ALLOW;
213 		break;
214 
215 	default:
216 		break;
217 	}
218 
219 	return (result);
220 }
221 
222 /*
223  * kauth(9) listener
224  *
225  * Security model: Traditional NetBSD
226  * Scope: System
227  * Responsibility: Superuser access
228  */
229 int
230 secmodel_suser_system_cb(kauth_cred_t cred, kauth_action_t action,
231     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
232 {
233 	bool isroot;
234 	int result;
235 	enum kauth_system_req req;
236 
237 	isroot = suser_isroot(cred);
238 	result = KAUTH_RESULT_DEFER;
239 	req = (enum kauth_system_req)arg0;
240 
241 	switch (action) {
242 	case KAUTH_SYSTEM_CPU:
243 		switch (req) {
244 		case KAUTH_REQ_SYSTEM_CPU_SETSTATE:
245 			if (isroot)
246 				result = KAUTH_RESULT_ALLOW;
247 
248 			break;
249 
250 		default:
251 			break;
252 		}
253 
254 		break;
255 
256 	case KAUTH_SYSTEM_DEVMAPPER:
257 		if (isroot)
258 			result = KAUTH_RESULT_ALLOW;
259 
260 		break;
261 
262 	case KAUTH_SYSTEM_FS_QUOTA:
263 		switch (req) {
264 		case KAUTH_REQ_SYSTEM_FS_QUOTA_GET:
265 		case KAUTH_REQ_SYSTEM_FS_QUOTA_ONOFF:
266 		case KAUTH_REQ_SYSTEM_FS_QUOTA_MANAGE:
267 		case KAUTH_REQ_SYSTEM_FS_QUOTA_NOLIMIT:
268 			if (isroot)
269 				result = KAUTH_RESULT_ALLOW;
270 			break;
271 
272 		default:
273 			break;
274 		}
275 
276 		break;
277 
278 	case KAUTH_SYSTEM_SYSVIPC:
279 		switch (req) {
280 		case KAUTH_REQ_SYSTEM_SYSVIPC_BYPASS:
281 		case KAUTH_REQ_SYSTEM_SYSVIPC_SHM_LOCK:
282 		case KAUTH_REQ_SYSTEM_SYSVIPC_SHM_UNLOCK:
283 		case KAUTH_REQ_SYSTEM_SYSVIPC_MSGQ_OVERSIZE:
284 			if (isroot)
285 				result = KAUTH_RESULT_ALLOW;
286 
287 			break;
288 
289 		default:
290 			break;
291 		}
292 
293 		break;
294 
295 	case KAUTH_SYSTEM_MOUNT:
296 		switch (req) {
297 		case KAUTH_REQ_SYSTEM_MOUNT_DEVICE:
298 		case KAUTH_REQ_SYSTEM_MOUNT_GET:
299 		case KAUTH_REQ_SYSTEM_MOUNT_NEW:
300 		case KAUTH_REQ_SYSTEM_MOUNT_UNMOUNT:
301 		case KAUTH_REQ_SYSTEM_MOUNT_UPDATE:
302 		case KAUTH_REQ_SYSTEM_MOUNT_UMAP:
303 			if (isroot) {
304 				result = KAUTH_RESULT_ALLOW;
305 				break;
306 			}
307 
308 			break;
309 
310 		default:
311 			break;
312 		}
313 
314 		break;
315 
316 	case KAUTH_SYSTEM_MQUEUE:
317 		if (isroot)
318 			result = KAUTH_RESULT_ALLOW;
319 
320 		break;
321 
322 	case KAUTH_SYSTEM_PSET:
323 		switch (req) {
324 		case KAUTH_REQ_SYSTEM_PSET_ASSIGN:
325 		case KAUTH_REQ_SYSTEM_PSET_BIND:
326 		case KAUTH_REQ_SYSTEM_PSET_CREATE:
327 		case KAUTH_REQ_SYSTEM_PSET_DESTROY:
328 			if (isroot)
329 				result = KAUTH_RESULT_ALLOW;
330 
331 			break;
332 
333 		default:
334 			break;
335 		}
336 
337 		break;
338 
339 	case KAUTH_SYSTEM_TIME:
340 		switch (req) {
341 		case KAUTH_REQ_SYSTEM_TIME_ADJTIME:
342 		case KAUTH_REQ_SYSTEM_TIME_NTPADJTIME:
343 		case KAUTH_REQ_SYSTEM_TIME_TIMECOUNTERS:
344 		case KAUTH_REQ_SYSTEM_TIME_SYSTEM:
345 		case KAUTH_REQ_SYSTEM_TIME_RTCOFFSET:
346 			if (isroot)
347 				result = KAUTH_RESULT_ALLOW;
348 			break;
349 
350 		default:
351 			break;
352 		}
353 		break;
354 
355 	case KAUTH_SYSTEM_SEMAPHORE:
356 		if (isroot)
357 			result = KAUTH_RESULT_ALLOW;
358 
359 		break;
360 
361 	case KAUTH_SYSTEM_SYSCTL:
362 		switch (req) {
363 		case KAUTH_REQ_SYSTEM_SYSCTL_ADD:
364 		case KAUTH_REQ_SYSTEM_SYSCTL_DELETE:
365 		case KAUTH_REQ_SYSTEM_SYSCTL_DESC:
366 		case KAUTH_REQ_SYSTEM_SYSCTL_MODIFY:
367 		case KAUTH_REQ_SYSTEM_SYSCTL_PRVT:
368 			if (isroot)
369 				result = KAUTH_RESULT_ALLOW;
370 			break;
371 
372 		default:
373 			break;
374 		}
375 
376 		break;
377 
378 	case KAUTH_SYSTEM_SWAPCTL:
379 	case KAUTH_SYSTEM_ACCOUNTING:
380 	case KAUTH_SYSTEM_REBOOT:
381 	case KAUTH_SYSTEM_CHROOT:
382 	case KAUTH_SYSTEM_FILEHANDLE:
383 	case KAUTH_SYSTEM_MKNOD:
384 	case KAUTH_SYSTEM_SETIDCORE:
385 	case KAUTH_SYSTEM_MODULE:
386 	case KAUTH_SYSTEM_FS_RESERVEDSPACE:
387 	case KAUTH_SYSTEM_MAP_VA_ZERO:
388 	case KAUTH_SYSTEM_FS_EXTATTR:
389 	case KAUTH_SYSTEM_FS_SNAPSHOT:
390 		if (isroot)
391 			result = KAUTH_RESULT_ALLOW;
392 		break;
393 
394 	case KAUTH_SYSTEM_DEBUG:
395 		break;
396 
397 	case KAUTH_SYSTEM_CHSYSFLAGS:
398 		/* Deprecated. */
399 		if (isroot)
400 			result = KAUTH_RESULT_ALLOW;
401 
402 		break;
403 
404 	case KAUTH_SYSTEM_VERIEXEC:
405 		switch (req) {
406 		case KAUTH_REQ_SYSTEM_VERIEXEC_ACCESS:
407 		case KAUTH_REQ_SYSTEM_VERIEXEC_MODIFY:
408 			if (isroot)
409 				result = KAUTH_RESULT_ALLOW;
410 
411 			break;
412 
413 		default:
414 			break;
415 		}
416 
417 		break;
418 
419 	case KAUTH_SYSTEM_LFS:
420 		switch (req) {
421 		case KAUTH_REQ_SYSTEM_LFS_MARKV:
422 		case KAUTH_REQ_SYSTEM_LFS_BMAPV:
423 		case KAUTH_REQ_SYSTEM_LFS_SEGCLEAN:
424 		case KAUTH_REQ_SYSTEM_LFS_SEGWAIT:
425 		case KAUTH_REQ_SYSTEM_LFS_FCNTL:
426 			if (isroot)
427 				result = KAUTH_RESULT_ALLOW;
428 
429 		default:
430 			break;
431 		}
432 
433 		break;
434 
435 	case KAUTH_SYSTEM_INTR:
436 		switch (req) {
437 		case KAUTH_REQ_SYSTEM_INTR_AFFINITY:
438 			if (isroot)
439 				result = KAUTH_RESULT_ALLOW;
440 
441 			break;
442 
443 		default:
444 			break;
445 		}
446 
447 		break;
448 
449 	default:
450 		break;
451 	}
452 
453 	return (result);
454 }
455 
456 /*
457  * kauth(9) listener
458  *
459  * Security model: Traditional NetBSD
460  * Scope: Process
461  * Responsibility: Superuser access
462  */
463 int
464 secmodel_suser_process_cb(kauth_cred_t cred, kauth_action_t action,
465     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
466 {
467 	bool isroot;
468 	int result;
469 
470 	isroot = suser_isroot(cred);
471 	result = KAUTH_RESULT_DEFER;
472 
473 	switch (action) {
474 	case KAUTH_PROCESS_SIGNAL:
475 	case KAUTH_PROCESS_KTRACE:
476 	case KAUTH_PROCESS_PROCFS:
477 	case KAUTH_PROCESS_PTRACE:
478 	case KAUTH_PROCESS_SCHEDULER_GETPARAM:
479 	case KAUTH_PROCESS_SCHEDULER_SETPARAM:
480 	case KAUTH_PROCESS_SCHEDULER_GETAFFINITY:
481 	case KAUTH_PROCESS_SCHEDULER_SETAFFINITY:
482 	case KAUTH_PROCESS_SETID:
483 	case KAUTH_PROCESS_KEVENT_FILTER:
484 	case KAUTH_PROCESS_NICE:
485 	case KAUTH_PROCESS_FORK:
486 	case KAUTH_PROCESS_CORENAME:
487 	case KAUTH_PROCESS_STOPFLAG:
488 		if (isroot)
489 			result = KAUTH_RESULT_ALLOW;
490 
491 		break;
492 
493 	case KAUTH_PROCESS_CANSEE: {
494 		unsigned long req;
495 
496 		req = (unsigned long)arg1;
497 
498 		switch (req) {
499 		case KAUTH_REQ_PROCESS_CANSEE_ARGS:
500 		case KAUTH_REQ_PROCESS_CANSEE_ENTRY:
501 		case KAUTH_REQ_PROCESS_CANSEE_OPENFILES:
502 			if (isroot) {
503 				result = KAUTH_RESULT_ALLOW;
504 				break;
505 			}
506 
507 			break;
508 
509 		case KAUTH_REQ_PROCESS_CANSEE_ENV:
510 			if (isroot)
511 				result = KAUTH_RESULT_ALLOW;
512 
513 			break;
514 
515 		default:
516 			break;
517 		}
518 
519 		break;
520 		}
521 
522 	case KAUTH_PROCESS_RLIMIT: {
523 		enum kauth_process_req req;
524 
525 		req = (enum kauth_process_req)(unsigned long)arg1;
526 
527 		switch (req) {
528 		case KAUTH_REQ_PROCESS_RLIMIT_SET:
529 		case KAUTH_REQ_PROCESS_RLIMIT_GET:
530 		case KAUTH_REQ_PROCESS_RLIMIT_BYPASS:
531 			if (isroot)
532 				result = KAUTH_RESULT_ALLOW;
533 
534 			break;
535 
536 		default:
537 			break;
538 		}
539 
540 		break;
541 		}
542 
543 	default:
544 		break;
545 	}
546 
547 	return (result);
548 }
549 
550 /*
551  * kauth(9) listener
552  *
553  * Security model: Traditional NetBSD
554  * Scope: Network
555  * Responsibility: Superuser access
556  */
557 int
558 secmodel_suser_network_cb(kauth_cred_t cred, kauth_action_t action,
559     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
560 {
561 	bool isroot;
562 	int result;
563 	enum kauth_network_req req;
564 
565 	isroot = suser_isroot(cred);
566 	result = KAUTH_RESULT_DEFER;
567 	req = (enum kauth_network_req)arg0;
568 
569 	switch (action) {
570 	case KAUTH_NETWORK_ALTQ:
571 		switch (req) {
572 		case KAUTH_REQ_NETWORK_ALTQ_AFMAP:
573 		case KAUTH_REQ_NETWORK_ALTQ_BLUE:
574 		case KAUTH_REQ_NETWORK_ALTQ_CBQ:
575 		case KAUTH_REQ_NETWORK_ALTQ_CDNR:
576 		case KAUTH_REQ_NETWORK_ALTQ_CONF:
577 		case KAUTH_REQ_NETWORK_ALTQ_FIFOQ:
578 		case KAUTH_REQ_NETWORK_ALTQ_HFSC:
579 		case KAUTH_REQ_NETWORK_ALTQ_JOBS:
580 		case KAUTH_REQ_NETWORK_ALTQ_PRIQ:
581 		case KAUTH_REQ_NETWORK_ALTQ_RED:
582 		case KAUTH_REQ_NETWORK_ALTQ_RIO:
583 		case KAUTH_REQ_NETWORK_ALTQ_WFQ:
584 			if (isroot)
585 				result = KAUTH_RESULT_ALLOW;
586 			break;
587 
588 		default:
589 			break;
590 		}
591 
592 		break;
593 
594 	case KAUTH_NETWORK_BIND:
595 		switch (req) {
596 		case KAUTH_REQ_NETWORK_BIND_PORT:
597 		case KAUTH_REQ_NETWORK_BIND_PRIVPORT:
598 			if (isroot)
599 				result = KAUTH_RESULT_ALLOW;
600 			break;
601 
602 		default:
603 			break;
604 		}
605 		break;
606 
607 	case KAUTH_NETWORK_FIREWALL:
608 		switch (req) {
609 		case KAUTH_REQ_NETWORK_FIREWALL_FW:
610 		case KAUTH_REQ_NETWORK_FIREWALL_NAT:
611 			if (isroot)
612 				result = KAUTH_RESULT_ALLOW;
613 
614 			break;
615 
616 		default:
617 			break;
618 		}
619 		break;
620 
621 	case KAUTH_NETWORK_FORWSRCRT:
622 	case KAUTH_NETWORK_ROUTE:
623 		if (isroot)
624 			result = KAUTH_RESULT_ALLOW;
625 
626 		break;
627 
628 	case KAUTH_NETWORK_INTERFACE:
629 		switch (req) {
630 		case KAUTH_REQ_NETWORK_INTERFACE_GET:
631 		case KAUTH_REQ_NETWORK_INTERFACE_SET:
632 		case KAUTH_REQ_NETWORK_INTERFACE_GETPRIV:
633 		case KAUTH_REQ_NETWORK_INTERFACE_SETPRIV:
634 		case KAUTH_REQ_NETWORK_INTERFACE_FIRMWARE:
635 			if (isroot)
636 				result = KAUTH_RESULT_ALLOW;
637 			break;
638 
639 		default:
640 			break;
641 		}
642 		break;
643 
644 	case KAUTH_NETWORK_INTERFACE_BRIDGE:
645 		switch (req) {
646 		case KAUTH_REQ_NETWORK_INTERFACE_BRIDGE_GETPRIV:
647 		case KAUTH_REQ_NETWORK_INTERFACE_BRIDGE_SETPRIV:
648 			if (isroot)
649 				result = KAUTH_RESULT_ALLOW;
650 			break;
651 
652 		default:
653 			break;
654 		}
655 
656 		break;
657 
658 	case KAUTH_NETWORK_INTERFACE_PPP:
659 		switch (req) {
660 		case KAUTH_REQ_NETWORK_INTERFACE_PPP_ADD:
661 			if (isroot)
662 				result = KAUTH_RESULT_ALLOW;
663 			break;
664 
665 		default:
666 			break;
667 		}
668 
669 		break;
670 
671 	case KAUTH_NETWORK_INTERFACE_PVC:
672 		switch (req) {
673 		case KAUTH_REQ_NETWORK_INTERFACE_PVC_ADD:
674 			if (isroot)
675 				result = KAUTH_RESULT_ALLOW;
676 
677 			break;
678 
679 		default:
680 			break;
681 		}
682 
683 		break;
684 
685 	case KAUTH_NETWORK_INTERFACE_SLIP:
686 		switch (req) {
687 		case KAUTH_REQ_NETWORK_INTERFACE_SLIP_ADD:
688 			if (isroot)
689 				result = KAUTH_RESULT_ALLOW;
690 			break;
691 
692 		default:
693 			break;
694 		}
695 
696 		break;
697 
698 	case KAUTH_NETWORK_INTERFACE_STRIP:
699 		switch (req) {
700 		case KAUTH_REQ_NETWORK_INTERFACE_STRIP_ADD:
701 			if (isroot)
702 				result = KAUTH_RESULT_ALLOW;
703 			break;
704 
705 		default:
706 			break;
707 		}
708 
709 		break;
710 
711 	case KAUTH_NETWORK_INTERFACE_TUN:
712 		switch (req) {
713 		case KAUTH_REQ_NETWORK_INTERFACE_TUN_ADD:
714 			if (isroot)
715 				result = KAUTH_RESULT_ALLOW;
716 			break;
717 
718 		default:
719 			break;
720 		}
721 
722 		break;
723 
724 	case KAUTH_NETWORK_IPV6:
725 		switch (req) {
726 		case KAUTH_REQ_NETWORK_IPV6_HOPBYHOP:
727 		case KAUTH_REQ_NETWORK_IPV6_JOIN_MULTICAST:
728 			if (isroot)
729 				result = KAUTH_RESULT_ALLOW;
730 
731 			break;
732 
733 		default:
734 			break;
735 		}
736 
737 		break;
738 
739 	case KAUTH_NETWORK_NFS:
740 		switch (req) {
741 		case KAUTH_REQ_NETWORK_NFS_EXPORT:
742 		case KAUTH_REQ_NETWORK_NFS_SVC:
743 			if (isroot)
744 				result = KAUTH_RESULT_ALLOW;
745 
746 			break;
747 
748 		default:
749 			break;
750 		}
751 		break;
752 
753 	case KAUTH_NETWORK_SMB:
754 		switch (req) {
755 		case KAUTH_REQ_NETWORK_SMB_SHARE_ACCESS:
756 		case KAUTH_REQ_NETWORK_SMB_SHARE_CREATE:
757 		case KAUTH_REQ_NETWORK_SMB_VC_ACCESS:
758 		case KAUTH_REQ_NETWORK_SMB_VC_CREATE:
759 			if (isroot)
760 				result = KAUTH_RESULT_ALLOW;
761 
762 			break;
763 
764 		default:
765 			break;
766 		}
767 
768 		break;
769 
770 	case KAUTH_NETWORK_SOCKET:
771 		switch (req) {
772 		case KAUTH_REQ_NETWORK_SOCKET_DROP:
773 		case KAUTH_REQ_NETWORK_SOCKET_OPEN:
774 		case KAUTH_REQ_NETWORK_SOCKET_RAWSOCK:
775 		case KAUTH_REQ_NETWORK_SOCKET_SETPRIV:
776 			if (isroot)
777 				result = KAUTH_RESULT_ALLOW;
778 			break;
779 
780 		case KAUTH_REQ_NETWORK_SOCKET_CANSEE:
781 			if (isroot) {
782 				result = KAUTH_RESULT_ALLOW;
783 				break;
784 			}
785 
786 			break;
787 
788 		default:
789 			break;
790 		}
791 
792 		break;
793 
794 	case KAUTH_NETWORK_IPSEC:
795 		switch (req) {
796 		case KAUTH_REQ_NETWORK_IPSEC_BYPASS:
797 			if (isroot)
798 				result = KAUTH_RESULT_ALLOW;
799 
800 			break;
801 
802 		default:
803 			break;
804 		}
805 
806 		break;
807 
808 	default:
809 		break;
810 	}
811 
812 	return (result);
813 }
814 
815 /*
816  * kauth(9) listener
817  *
818  * Security model: Traditional NetBSD
819  * Scope: Machdep
820  * Responsibility: Superuser access
821  */
822 int
823 secmodel_suser_machdep_cb(kauth_cred_t cred, kauth_action_t action,
824     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
825 {
826 	bool isroot;
827 	int result;
828 
829 	isroot = suser_isroot(cred);
830 	result = KAUTH_RESULT_DEFER;
831 
832 	switch (action) {
833 	case KAUTH_MACHDEP_CPU_UCODE_APPLY:
834 	case KAUTH_MACHDEP_IOPERM_GET:
835 	case KAUTH_MACHDEP_LDT_GET:
836 	case KAUTH_MACHDEP_LDT_SET:
837 	case KAUTH_MACHDEP_MTRR_GET:
838 	case KAUTH_MACHDEP_CACHEFLUSH:
839 	case KAUTH_MACHDEP_IOPERM_SET:
840 	case KAUTH_MACHDEP_IOPL:
841 	case KAUTH_MACHDEP_MTRR_SET:
842 	case KAUTH_MACHDEP_NVRAM:
843 	case KAUTH_MACHDEP_UNMANAGEDMEM:
844 	case KAUTH_MACHDEP_PXG:
845 	case KAUTH_MACHDEP_SVS_DISABLE:
846 		if (isroot)
847 			result = KAUTH_RESULT_ALLOW;
848 		break;
849 
850 	default:
851 		break;
852 	}
853 
854 	return (result);
855 }
856 
857 /*
858  * kauth(9) listener
859  *
860  * Security model: Traditional NetBSD
861  * Scope: Device
862  * Responsibility: Superuser access
863  */
864 int
865 secmodel_suser_device_cb(kauth_cred_t cred, kauth_action_t action,
866     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
867 {
868 	bool isroot;
869 	int result;
870 
871 	isroot = suser_isroot(cred);
872 	result = KAUTH_RESULT_DEFER;
873 
874 	switch (action) {
875 	case KAUTH_DEVICE_BLUETOOTH_SETPRIV:
876 	case KAUTH_DEVICE_BLUETOOTH_SEND:
877 	case KAUTH_DEVICE_BLUETOOTH_RECV:
878 	case KAUTH_DEVICE_TTY_OPEN:
879 	case KAUTH_DEVICE_TTY_PRIVSET:
880 	case KAUTH_DEVICE_TTY_STI:
881 	case KAUTH_DEVICE_TTY_VIRTUAL:
882 	case KAUTH_DEVICE_RND_ADDDATA:
883 	case KAUTH_DEVICE_RND_ADDDATA_ESTIMATE:
884 	case KAUTH_DEVICE_RND_GETPRIV:
885 	case KAUTH_DEVICE_RND_SETPRIV:
886 	case KAUTH_DEVICE_WSCONS_KEYBOARD_BELL:
887 	case KAUTH_DEVICE_WSCONS_KEYBOARD_KEYREPEAT:
888 		if (isroot)
889 			result = KAUTH_RESULT_ALLOW;
890 		break;
891 
892 	case KAUTH_DEVICE_BLUETOOTH_BCSP:
893 	case KAUTH_DEVICE_BLUETOOTH_BTUART: {
894 		enum kauth_device_req req;
895 
896 		req = (enum kauth_device_req)arg0;
897 		switch (req) {
898 		case KAUTH_REQ_DEVICE_BLUETOOTH_BCSP_ADD:
899 		case KAUTH_REQ_DEVICE_BLUETOOTH_BTUART_ADD:
900 			if (isroot)
901 				result = KAUTH_RESULT_ALLOW;
902 			break;
903 
904 		default:
905 			break;
906 		}
907 
908 		break;
909 		}
910 
911 	case KAUTH_DEVICE_GPIO_PINSET:
912 		/*
913 		 * root can access gpio pins, secmodel_securlevel can veto
914 		 * this decision.
915 		 */
916 		if (isroot)
917 			result = KAUTH_RESULT_ALLOW;
918 		break;
919 
920 	default:
921 		break;
922 	}
923 
924 	return (result);
925 }
926 
927 int
928 secmodel_suser_vnode_cb(kauth_cred_t cred, kauth_action_t action,
929     void *cookie, void *arg0, void *arg1, void *arg2, void *arg3)
930 {
931 	bool isroot;
932 	int result;
933 
934 	isroot = suser_isroot(cred);
935 	result = KAUTH_RESULT_DEFER;
936 
937 	if (isroot) {
938 		/* Superuser can execute only if the file's executable. */
939 		if ((action & KAUTH_VNODE_EXECUTE) == 0 ||
940 		    (action & KAUTH_VNODE_IS_EXEC))
941 			result = KAUTH_RESULT_ALLOW;
942 	}
943 
944 	return (result);
945 }
946 
947